Cryptography for Ethical Hackers
Cryptography is the science of securing information by transforming it into a form that only authorized parties can read or use. Every aspect of digital security — from HTTPS connections to password storage to disk encryption — depends on cryptographic principles. An ethical hacker who understands cryptography can identify weak implementations, broken algorithms, and misconfigured certificates that expose sensitive data.
The Two Goals of Cryptography
Confidentiality
Confidentiality ensures that only intended recipients can read the data. Encryption converts plaintext (readable data) into ciphertext (scrambled, unreadable data). Without the correct key, ciphertext reveals nothing useful.
Integrity
Integrity ensures that data has not been altered in transit. Cryptographic hashes and digital signatures allow recipients to verify that data arrived exactly as it was sent — any modification, even changing a single bit, produces a completely different hash value that exposes tampering.
Modern security also adds Authentication (verifying who sent the data) and Non-repudiation (preventing a sender from denying they sent it) — together these four properties form the CIA-AN model in cryptographic security.
Symmetric Encryption
Symmetric encryption uses the same key to encrypt and decrypt data. It is fast and efficient — ideal for encrypting large amounts of data. The fundamental challenge: both parties must have the same key, and that key must be exchanged securely without being intercepted.
AES (Advanced Encryption Standard)
AES is the current gold standard for symmetric encryption. It operates on fixed-size blocks (128 bits) and supports key sizes of 128, 192, or 256 bits. AES-256 is used in military-grade encryption, VPNs, disk encryption (BitLocker, VeraCrypt), and HTTPS traffic. No practical attack against properly implemented AES exists.
DES and 3DES
DES (Data Encryption Standard) uses a 56-bit key — small enough that brute force can crack it in hours with modern hardware. 3DES applies DES three times with different keys to extend effective key length. Both are considered legacy algorithms. Organizations still running DES or 3DES fail PCI-DSS and other compliance audits. Ethical hackers identify their use as a finding.
Stream Ciphers: RC4
RC4 is a stream cipher — it encrypts data byte by byte rather than in blocks. RC4 was once used in SSL/TLS and WEP. Its statistical biases make it vulnerable to cryptanalysis. RC4 in any protocol is now treated as broken and its presence in a system is a reportable vulnerability.
Asymmetric Encryption
Asymmetric encryption uses a pair of mathematically linked keys: a public key and a private key. Data encrypted with the public key can only be decrypted with the matching private key, and vice versa. The public key is shared openly; the private key is kept secret.
This solves the key exchange problem: anyone can use your public key to encrypt a message only you can read. They never need to receive a secret key from you first.
RSA
RSA is the most widely used asymmetric algorithm. Its security relies on the mathematical difficulty of factoring the product of two large prime numbers. RSA with a 2048-bit key is currently secure; 4096-bit is recommended for long-term security. Keys below 1024 bits are broken. Ethical hackers check SSL/TLS certificates and SSH configurations for RSA key sizes below the recommended minimum.
Elliptic Curve Cryptography (ECC)
ECC provides equivalent security to RSA with much smaller key sizes. A 256-bit ECC key offers comparable security to a 3072-bit RSA key. Smaller keys mean faster operations and lower resource consumption — important for mobile devices and embedded systems. ECC powers modern TLS connections and cryptocurrency wallets.
Hybrid Encryption: How TLS Works
Symmetric encryption is fast but has a key exchange problem. Asymmetric encryption solves the key exchange problem but is slow for bulk data. TLS (Transport Layer Security — the protocol behind HTTPS) uses both:
- The browser and server use asymmetric encryption (RSA or ECC) to securely exchange a symmetric key — the "session key."
- All subsequent data in the session is encrypted with the symmetric session key (AES) — fast and efficient.
This hybrid approach gets the security of asymmetric key exchange and the performance of symmetric bulk encryption. Every HTTPS connection works this way.
Hashing in Security
Cryptographic hash functions convert data of any size into a fixed-length output. They are one-way — no key, no reversal. The same input always produces the same output. Any change to the input produces a completely different output (the avalanche effect).
Uses of Hashing
| Use Case | How It Works | Algorithm Used |
|---|---|---|
| Password storage | Store hash; verify by hashing input and comparing | bcrypt, Argon2, SHA-256 |
| File integrity | Hash a file before and after transfer; compare | SHA-256, SHA-512 |
| Digital signatures | Sign the hash of a message, not the entire message | SHA-256 with RSA or ECDSA |
| HMAC (message authentication) | Hash with a secret key to authenticate a message source | HMAC-SHA256 |
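
The password-storage and HMAC rows of the table, plus the avalanche effect, as an added example that is not part of the original page. It uses only the Python standard library: PBKDF2-HMAC-SHA256 stands in for bcrypt/Argon2 (which need third-party packages), and the iteration count, secret and messages are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for this example; raise it as far as login latency allows.
PBKDF2_ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, derived_key); a fresh random salt is made when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_key)


def hmac_tag(secret: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the secret can produce or check it."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def hmac_verify(secret: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(secret, message), tag)


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bits (out of 256) that differ between SHA-256(a) and SHA-256(b)."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


if __name__ == "__main__":
    # Constructed inputs for illustration.
    pw = "correct horse battery staple"
    salt, key = hash_password(pw)
    print("login ok:", verify_password(pw, salt, key))
    print("same password, new salt, same key?", hash_password(pw)[1] == key)
    tag = hmac_tag(b"constructed-shared-secret", b"amount=100&to=alice")
    print("tampered message accepted?",
          hmac_verify(b"constructed-shared-secret", b"amount=900&to=alice", tag))
    print("bits changed by one character:", differing_bits(b"amount=100", b"amount=900"))
```

The per-user salt makes identical passwords store as different keys, and the iteration count makes each guess expensive, which a single fast SHA-256 call does not.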
Digital Certificates and PKI
A digital certificate binds a public key to an identity (a domain name, organization, or person). When you visit https://bank.com, your browser receives the bank's certificate. It verifies that the certificate was signed by a trusted Certificate Authority (CA) and that the domain name matches. This process confirms you are talking to the real bank, not an impersonator.
Public Key Infrastructure (PKI)
PKI is the system of CAs, certificates, and revocation mechanisms that makes digital certificates trustworthy. A root CA signs intermediate CA certificates; intermediate CAs sign end-entity certificates. Your browser and operating system include a pre-installed list of trusted root CAs. Any certificate signed by a trusted root — directly or through a chain of intermediates — is trusted automatically.
Common Certificate Vulnerabilities
- Expired certificates — A certificate past its validity date triggers browser warnings and indicates poor security hygiene.
- Self-signed certificates — No trusted CA signed it; the identity cannot be verified. Acceptable in internal environments; never acceptable for public-facing services.
- Weak signature algorithm — Certificates signed with SHA-1 or MD5 are considered broken and should be replaced with SHA-256 or higher.
- Small key size — RSA keys below 2048 bits are no longer considered secure.
- Certificate transparency issues — Misissued certificates for domains the requestor does not own; found by searching certificate transparency logs (crt.sh).
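
The first four checks in this list, applied to the text that `openssl x509 -noout -text` prints, as an added example that is not part of the original page. The sample certificate dump, the finding labels and the function names are constructed for illustration, and issuer equal to subject is used as a heuristic for self-signed.

```python
import re
from datetime import datetime, timezone

WEAK_SIG_HASHES = ("md5", "sha1")  # signature hashes the list above calls broken
MIN_RSA_BITS = 2048

# Constructed sample in the layout printed by `openssl x509 -noout -text`.
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN = legacy.example.test
        Validity
            Not Before: Jan  1 00:00:00 2015 GMT
            Not After : Jan  1 00:00:00 2017 GMT
        Subject: CN = legacy.example.test
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

def field(text, pattern):
    """First capture group of pattern in text, stripped, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def audit_cert_text(text, now=None):
    """Return finding labels for one certificate dump (now must be timezone-aware)."""
    now = now or datetime.now(timezone.utc)
    findings = []
    not_after = field(text, r"Not After\s*:\s*(.+)$")
    if not_after:
        expiry = datetime.strptime(not_after, "%b %d %H:%M:%S %Y GMT")
        if expiry.replace(tzinfo=timezone.utc) < now:
            findings.append("expired")
    issuer = field(text, r"^[ \t]*Issuer:\s*(.+)$")
    if issuer and issuer == field(text, r"^[ \t]*Subject:\s*(.+)$"):
        findings.append("self-signed")  # heuristic: issuer name equals subject name
    sig = (field(text, r"Signature Algorithm:\s*(\S+)") or "").lower()
    if any(h in sig for h in WEAK_SIG_HASHES):
        findings.append("weak-signature")
    key_alg = field(text, r"Public Key Algorithm:\s*(\S+)")
    bits = field(text, r"Public-Key:\s*\((\d+) bit\)")
    if key_alg == "rsaEncryption" and bits and int(bits) < MIN_RSA_BITS:
        findings.append("small-rsa-key")  # size rule applies to RSA only, not EC keys
    return findings

if __name__ == "__main__":
    print(audit_cert_text(SAMPLE))
```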
SSL/TLS Attacks
POODLE (Padding Oracle On Downgraded Legacy Encryption)
POODLE forces a TLS connection to downgrade to the broken SSL 3.0 protocol, then exploits a padding oracle vulnerability in SSL 3.0's CBC mode to decrypt the session. Modern browsers and servers have disabled SSL 3.0, but ethical hackers test whether targets still allow the downgrade.
BEAST, CRIME, BREACH
These attacks exploit specific weaknesses in older TLS cipher suites and compression mechanisms. BEAST attacks CBC mode in TLS 1.0. CRIME and BREACH exploit TLS compression to recover cookies by observing ciphertext length changes. Modern TLS configurations that disable these cipher suites and compression are immune.
SSL Stripping
SSL stripping downgrades an HTTPS connection to HTTP by intercepting the initial HTTP request before the browser requests a secure connection. The victim's browser communicates in plaintext with the attacker, who forwards requests to the real server over HTTPS. The victim sees a normal website; the attacker sees all traffic in plaintext. HSTS (HTTP Strict Transport Security) defeats SSL stripping by instructing browsers to always use HTTPS for specific domains.
Cryptographic Attacks Summary
Ethical hackers test for these common cryptographic weaknesses:
- Use of broken algorithms (MD5, SHA-1, DES, RC4, SSL 3.0, TLS 1.0)
- Insufficient key sizes (RSA below 2048, DH below 2048)
- Hardcoded encryption keys in source code
- Predictable IV (Initialization Vector) in CBC mode encryption
- Weak random number generators producing guessable keys or tokens
- Improper certificate validation (trusting all certificates regardless of CA)
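
The "improper certificate validation" and legacy-protocol items above, shown as a check a reviewer can run against a Python client's `ssl.SSLContext`, with the trust-everything configuration beside a hardened one. This is an added example, not part of the original page; the function names and finding strings are constructed for illustration.

```python
import ssl


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return findings for a client-side SSLContext; an empty list means none."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled")
    return findings


def trust_everything_context() -> ssl.SSLContext:
    """The misconfiguration from the list: any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx


def hardened_context() -> ssl.SSLContext:
    """System trust store, hostname checking, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, ctx in (("trust-everything", trust_everything_context()),
                      ("hardened", hardened_context())):
        print(name, audit_client_context(ctx) or "no findings")
```

In a code review, the same two attributes (`verify_mode` and `check_hostname`) are the ones to search for when looking for disabled validation in Python clients.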
Key Points
- Symmetric encryption (AES) uses one key for both encryption and decryption — fast but requires secure key exchange.
- Asymmetric encryption (RSA, ECC) uses a public/private key pair — solves key exchange but is slower than symmetric.
- TLS uses both: asymmetric for key exchange, symmetric for bulk data encryption.
- Hashing converts data to a fixed-length one-way fingerprint used for password storage, integrity verification, and digital signatures.
- Digital certificates bind public keys to identities; PKI provides the trust hierarchy that makes certificates reliable.
- Broken algorithms — MD5, SHA-1, DES, RC4, SSL 3.0 — are security findings that ethical hackers document and recommend replacing.
